This topic introduces the terms related to Resource Management.

Resource Management

Terms related to Resource Directory

Term Description
resource directory

Alibaba Cloud provides resource directories for enterprises to manage the relationship of a number of accounts.

A resource directory allows you to quickly establish an organizational structure based on your business requirements. Then, you can consolidate the accounts of your enterprise into this structure to form a hierarchy for resources. This way, you can manage accounts and resources in a centralized manner. The resource directory can meet your management requirements for network deployment, settlement, user permissions, security compliance, and log auditing.

folder A folder is an organizational unit in a resource directory. A folder may indicate a branch, line of business, or project of an enterprise. Each folder can contain member accounts and child folders, which forms a tree-shaped organizational structure.
Root folder The Root folder is the parent folder of all the other folders in a resource directory. These folders are organized in a hierarchy that starts from the Root folder.
master account

A master account is the account that is used to enable a resource directory and is the super administrator of the resource directory. The master account has all administrative permissions on the resource directory and the member accounts in the resource directory. Only an Alibaba Cloud account that has passed enterprise real-name verification can be used as a master account. Each resource directory has only one master account.

To ensure the security of the master account, we recommend that you create an Alibaba Cloud account and use this account as the master account.

Note A master account does not belong to a resource directory and is not limited by the control policies of a resource directory.
member account

A member account serves as a container for resources and is also an organizational unit in a resource directory. A member account indicates a project or application. The resources of different member accounts are isolated.

The following types of member accounts are supported:

  • Resource account

    We recommend that you use resource accounts in a resource directory. By default, root permissions are not granted to resource accounts. Therefore, resource accounts are secure. You can use a master account to authorize RAM users, user groups, or roles to access the resources of resource accounts.

  • Cloud account

    A cloud account has all the features of an Alibaba Cloud account, including root permissions. When you create a cloud account in a resource directory, you must use a new email address as the logon name of the cloud account. For more information, see Create a member account. You can use a master account to authorize RAM users, user groups, or roles to access the resources of cloud accounts.

    Note

    If you want to use a created cloud account to log on to Alibaba Cloud, you must first reset the account password.

Alibaba Cloud account

An Alibaba Cloud account serves as a unique ID for you to access, purchase, and manage resources on Alibaba Cloud. The account is also a resource container and a capital account. It identifies a user and represents an identity.

However, the member accounts are Alibaba Cloud accounts that serve only as resource containers. After you consolidate the accounts of your enterprise into a resource directory, you can also manage the users and funds that belong to these accounts in a centralized manner.

Terms related to Resource Group

resource group

You can sort resources owned by your Alibaba Cloud account into various resource groups. This simplifies resource and permission management within your Alibaba Cloud account.

Terms related to Resource Sharing

Term Description
resource share A resource share is an instance of the Resource Sharing service. It is also a cloud resource and has a unique ID and an Alibaba Cloud Resource Name (ARN). A resource share consists of a resource owner, shared targets, and shared resources.
resource owner A resource owner initiates resource sharing and owns shared resources. It is the master account or a member account of a resource directory.
shared target A shared target shares the resources of resource owners. It has specific operation permissions on the shared resources. A shared target is a member account of a resource directory. Multiple shared targets can share the same resource.
Note The operation permissions of each shared target on the shared resources are determined based on the Alibaba Cloud service to which the resources belong. For example, the operation permissions of shared targets on the shared vSwitches in a VPC are determined based on the VPC service. For more information, see Permissions related to VPC sharing.
shared resource A shared resource is a resource of an Alibaba Cloud service, such as a vSwitch in a VPC.

Terms related to Tag

Term Description
key-value pair

A tag consists of a key-value pair. Limits:

  • A tag key must be 1 to 128 characters in length and cannot contain http:// or https://. It cannot start with acs: or aliyun.
  • A tag value must be 1 to 128 characters in length and cannot contain http:// or https://. It cannot start with acs: or aliyun.
  • Each tag key of a resource can have only one tag value. If you create a tag that has the same key as an existing tag, the value of the existing tag is overwritten.

    For example, the city:shanghai tag is added to a resource. If you add the city:newyork tag to the resource, the city:shanghai tag is automatically removed from the resource.

custom tag A custom tag is created by a user. For more information, see Create and bind a tag.
system tag A system tag is defined by the system. You can only query system tags.